clarification for systrace

To: misc_(_at_)_openbsd_(_dot_)_org

Subject: clarification for systrace

From: tedu <grendel_(_at_)_zeitbombe_(_dot_)_org>

Date: Sun, 13 Oct 2002 07:20:39 -0700 (PDT)

Organization: Mead Halls Inc.

Hello again misc.
1. Does order matter, and is it first match or last match?
Ex: I want to permit access to /home/tedu/* and subdirs, but not
/home/tedu/secret.
2. Best way to only match files in a dir, but not subdirs.
Ex: Permit access to /home/tedu/* but not recursively.
3. Documentation for the aliases. Anywhere other than source?
4. Documentation for the extra options, like permit as root or
predicates.
Ex: Niels's page says "In combination with dynamic predicates, it is
possible to allow an unprivileged application to bind to a reserved port
exactly once." How (exactly once)?
--
Mediocrity is a sin.